iPhone 3GS security improvements
One of the announcements Apple made during this week’s WWDC conference was that the iPhone 3GS will include an extra security feature aimed mostly at enterprise deployments: “encryption” that will enable a remote wipe feature. The only thing missing is any detail about what will be encrypted; this text is the only information I’ve managed to find on Apple’s website so far:
> iPhone 3G S offers highly secure hardware encryption that enables instantaneous remote wipe. You can even encrypt your iTunes backups.
While this sounds very good, the careful way in which Apple chose their words suggests that this might not be as great a feature as it appears at first glance. Here are some points that Apple might want to clarify:
- What data will be encrypted? Will this apply to all data on the flash drive, or just data for which Apple decides encryption is needed?
- How will the encryption key be protected? To make sure the encryption is safe enough, you’ll need a decent encryption key; and by definition, that key will be very hard to enter if it’s needed any time the phone is used. A way to work around this might be to store the encryption key on the device itself, and require a PIN or other simpler password to unlock it.
- The wording of Apple’s announcement suggests that backups to iTunes won’t be encrypted, but that data will be encrypted in iTunes as soon as it is received.
- There are no details about the “remote wipe” feature either. I’m assuming the remote wipe feature requires a network connection to an Apple server that decides whether or not to empty the phone; how will this work if the phone doesn’t have any connection to a mobile network? It would be trivial for anybody interested in your private data to obtain a cell phone jammer, preventing the “wipe” signal from reaching the iPhone.
The second question is, IMHO, the most important one; from a usability perspective, you’d want the key to be somewhere in memory instead of requiring the user to enter it multiple times per day. This makes it vulnerable to more sophisticated attacks in which the iPhone is opened and the flash card removed. This might sound like a lot of work, but if the data on the phone is so sensitive that it requires encryption, it is a scenario that you’ll have to take into account.
I hope Apple will provide more information later this week; if they do, I’ll update this post. If anyone has extra information, feel free to leave it in the comments below!


June 11th, 2009 at 11:28 am
A standard needs to be created so all phones from all brands on all networks (including computers with webcams) can video call with each other. (If hardly anyone can talk with each other, like if you could only talk to other iPhone owners, it won’t ever catch on)
Cell networks need to be dramatically improved to allow for anything close to wide-spread usable quality. (people need to just know that video calling will work no matter where they are before they start regularly using it. If it seems spotty, they’ll just forget about it)
Until then it will be an extremely buggy, gimmicky feature that you might use to show off but when it came down to it, would sit idle. They’re BARELY getting MMS standardized between different carriers (even just a few years ago it was big news that Verizon and Sprint could send pictures to each other) and phones and imagine how simple that is compared to live streaming video.
share your views at http://www.iPhone3GS.org it’s just for the iPhone 3G s.
June 20th, 2009 at 4:24 am
The security features sound nice but like you said those words seem awfully carefully chosen. Maybe things aren’t what they appear to be.
Time will tell.
June 23rd, 2009 at 9:53 pm
I suspect that the encryption is simply to make remote wipe instantaneous. Encrypt everything in storage, and when you receive the wipe command, flush the key. No need to purge what is being stored. No extra hassle for the user, because the key is stored for them.
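The scheme raised in the post's second question (a strong random key kept on the device and unlocked by a PIN), combined with the key-flush wipe suspected in the comment above, as an added Python sketch that is not from the post, the commenters or Apple. The `Device` class, the PBKDF2 parameters and the HMAC-based keystream (a stand-in for AES so the block needs only the standard library) are assumptions; nothing here describes Apple's actual design.

```python
"""Sketch: PIN-wrapped data key and wipe-by-key-destruction (standard library only)."""
import hashlib
import hmac
import secrets

ROUNDS = 100_000  # PBKDF2 work factor, an assumed value for this sketch


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the AES a real device would use."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)


class Device:
    def __init__(self, pin: str):
        self.salt = secrets.token_bytes(16)
        dek = secrets.token_bytes(32)  # strong random data key, never typed by the user
        kek = self._kek(pin)           # first half wraps the key, second half MACs it
        self.wrapped = keystream_xor(kek[:32], b"wrap", dek)
        self.tag = hmac.new(kek[32:], self.wrapped, hashlib.sha256).digest()
        self.flash = {}                # name -> (nonce, ciphertext); no integrity tag here

    def _kek(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha512", pin.encode(), self.salt, ROUNDS, dklen=64)

    def _unlock(self, pin: str) -> bytes:
        if self.wrapped is None:
            raise PermissionError("wiped: wrapped key destroyed")
        kek = self._kek(pin)
        expect = hmac.new(kek[32:], self.wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, self.tag):
            raise PermissionError("wrong PIN")
        return keystream_xor(kek[:32], b"wrap", self.wrapped)

    def store(self, pin: str, name: str, plaintext: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self.flash[name] = (nonce, keystream_xor(self._unlock(pin), nonce, plaintext))

    def read(self, pin: str, name: str) -> bytes:
        nonce, ciphertext = self.flash[name]
        return keystream_xor(self._unlock(pin), nonce, ciphertext)

    def remote_wipe(self) -> None:
        """Drop ~80 bytes of key material; the bulk ciphertext is left where it is."""
        self.salt = self.wrapped = self.tag = None
```

In this sketch, a copy of `salt`, `wrapped` and `tag` taken from storage before the wipe is protected only by the PIN's length and the PBKDF2 cost, which is the concern the post raises about keeping the key on the device.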
January 27th, 2010 at 9:44 pm
Hello there, I’m using Kubuntu Linux 8.1 and the Epiphany 2.0 web browser, and your blog looks rather screwed up. Might want to look into it. I’m out!
January 31st, 2010 at 11:43 am
Thanks for the heads-up; it appears to be fixed now (at least on Ubuntu 9.1 with Epiphany 2.28).